CVE-2023-39422 - HMAC Token Leak in IRM Next Generation Booking Engine (/irmdata/api/) — How a Client-Side JavaScript Mistake Broke Their Security
CVE-2023-39422 is a security vulnerability found in the IRM Next Generation booking engine — a solution often used by hotels and travel companies for
CVE-2023-39423 - Exploiting SQL Injection in RDPData.dll to Hijack Active Sessions
A serious vulnerability, now tracked as CVE-2023-39423, was found in certain software using the RDPData.dll library. This flaw exposes an API endpoint, /irmdata/api/
CVE-2023-39421 - How Hardcoded API Keys in RDPWin.dll Expose Sensitive Services
A recently disclosed security vulnerability, CVE-2023-39421, highlights the risks of hardcoded secrets in software used by hotels and resorts worldwide. The issue arises in RDPWin.
CVE-2023-36635 - Exploiting Improper Access Control in Fortinet FortiSwitchManager — From Read-Only to Configuration Changes
CVE-2023-36635 is a recently disclosed vulnerability that directly affects Fortinet FortiSwitchManager—an essential piece of software often responsible for the configuration and management of FortiSwitches
CVE-2023-39240 - Format String Vulnerability in ASUS RT-AX56U V2 (`set_iperf3_cli.cgi`) - Full Breakdown & Exploit Details
The ASUS RT-AX56U V2 is a popular dual-band Wi-Fi 6 router used in many homes and offices. In August 2023, security researchers discovered a